Security News
Teams are deploying software from DevOps teams at an accelerated rate, according to Sonatype, providers of the Nexus platform for application security, which recently released the 2020 DevSecOps Community Survey. The survey also showed that teams with mature DevOps support were happier in their jobs.
These new capabilities enable network teams to better integrate cloud resources in Amazon Web Services with on-premises networks, protect themselves from advanced cyber threats, and reduce the risk of network outages. Because the new universal work from home reality has introduced new risks to enterprise networks, BlueCat also introduced several security improvements to BlueCat Threat Protection, its DNS firewall solution.
A surprising 51 percent of technology professionals and leaders are highly confident that their cybersecurity teams are ready to detect and respond to rising cybersecurity attacks during COVID-19, according to ISACA. Additionally, 59 percent say their cybersecurity team has the necessary tools and resources at home to perform their job effectively. While 80 percent of organizations shared cyber risk best practices for working at home as shelter in place orders began, 87 percent of respondents still say the rapid transition to remote work has increased data protection and privacy risk.
Phishers are using fake Microsoft Teams notification emails to trick users into sharing their Microsoft Teams and Office 365 login credentials. "Should the recipient fall victim to this attack, this user's credentials would be compromised. Additionally, since Microsoft Teams is linked to Microsoft Office 365, the attacker may have access to other information available with the user's Microsoft credentials via single-sign on," Abnormal Security warns.
A new phishing campaign discovered by security provider Abnormal Security is exploiting the greater use of Teams as a way to hijack Microsoft account credentials. In a blog post published on Friday, Abnormal Security found a series of convincing emails designed to spoof notification messages from Microsoft Teams.
Two separate attacks have targeted as many as 50,000 different Teams users, according to findings from Abnormal Security. If recipients click the link, they'll be presented with a button asking them to log in to Microsoft Teams - if that button is clicked, they're taken to a malicious page which impersonates the Microsoft Office login page in order to steal their credentials.
Moogsoft announced the release of Moogsoft Enterprise 8.0, a complete AIOps platform that enables IT Ops and DevOps teams to build a virtual Network Operations Center and work more effectively from anywhere. Moogsoft Enterprise 8.0 consolidates visibility and control of monitoring tools to help entire IT Ops and DevOps teams reduce noise, prioritize incidents, reduce escalations and ensure uptime.
Microsoft has quickly fixed a flaw in its Teams videoconferencing and collaboration program that could have allowed attackers to launch a wormlike attack on multiple accounts by sending one victim a malicious GIF image. If an attacker can somehow force a user to visit the sub-domains that have been taken over, the victim's browser will send this cookie to the attacker's server and the attacker can create a skype token.
Microsoft has patched a worm-like vulnerability in its Teams workplace video chat and collaboration platform that could have allowed attackers to take over an organization's entire roster of Teams accounts just by sending participants a malicious link to an innocent-looking image. "Eventually, the attacker could access all the data from your organization's Teams accounts - gathering confidential information, meetings and calendar information, competitive data, secrets, passwords, private information, business plans, etc."
Microsoft has patched a worm-like vulnerability in its Teams workplace video chat and collaboration platform that could have allowed attackers to take over an organization's entire roster of Teams accounts just by sending participants a malicious link to an innocent-looking image. "Eventually, the attacker could access all the data from your organization's Teams accounts - gathering confidential information, meetings and calendar information, competitive data, secrets, passwords, private information, business plans, etc."